Dylan Goes Electric And Innovation In Your Compliance Strategy

by Thomas Fox

This past weekend was the 48th anniversary of the Newport Folk Festival where Bob Dylan went electric. At this event, Dylan played an electric guitar for the first time publicly. Many of his folk music aficionados were horrified, with some even calling him ‘Judas’. But Dylan changed the face and style of not only his own music and basically created the folk rock genre with that innovation. And of course, he has been electric since that time. Rock on, Bob.

Dylan’s change of style introduces the topic of innovation in your compliance program. Mike Volkov, Donne Boehme, Jeff Kaplan and others often write about creating strategic advantage through your compliance and ethics program. But how can you maintain that strategic advantage? Rita Gunther McGrath, in an article in the June issue of the Harvard Business Review, entitled “Transient Advantage”, says that the “dominant idea in the field of strategy—that success consists of establishing a unique competitive position sustained for long periods of time—is no longer relevant for most businesses.” She believes that businesses need to learn how to launch strategic initiatives “again and again” and that to do so will require a new set of corporate operational capabilities.

I thought about her concept in the context of a compliance program. Certainly innovation is not an alien concept to the compliance practitioner. I have long heard the following quote attributed to former Assistant Attorney General, for the Criminal Division of the US Department of Justice (DOJ), Lanny Breuer, “Your compliance program is a living entity; it should be constantly evolving.” This concept is enshrined in the FCPA Guidance as one of the Ten Hallmarks of an Effective Compliance Program, No. 10 entitled “Continuous Improvement: Periodic Testing and Review”. The Guidance states that “a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”

McGrath believes that the life cycle of competitive strategy is outdated and needs to be viewed through the lens of a more fast-moving world which requires more corporate dexterity. She provides “a portfolio of transient advantages” that companies need to use in the way they operate around strategies. Using her eight major shifts, I will tie them to the requirements for a constantly evolving compliance strategy.

  1. Think about arenas, not industries. In the compliance world, this means you need to look outside your industry for opportunities or issues which might impact your company. Remember the Watts Water Foreign Corrupt Practices Act (FCPA) enforcement action? That came about because the company’s General Counsel (GC) read about another company in another industry which used a similar sales model as Watts Water in China. He wondered if his company might have some FCPA exposure and it turned out that the company did. Similarly, if you are doing business in China today and use travel agencies for travel, entertainment, business courtesies, or any other reasons, I would suggest that you take a close look at those practices as soon as possible, based on what has happened to GlaxoSmithKline PLC (GSK) over the past couple of weeks.
  2. Set broad themes, and then let people experiment. Here McGrath talks about ways for a company to “rethink their business model, reinvent their workforces, and rewire their operations.” This is precisely true for the compliance function as well. Most generally, employees want to do business in the right way and ethically. Give them the tools and opportunities to do so through training and support. Two examples might be that if your company still allows facilitation payments, use your employee base to come up with alternative methods of dealing with this issue. You can use smaller employee groups to drive home the message of compliance through less formal training mechanisms which provide more support for them. And here you are only limited by your imagination.
  3. Adopt metrics that support entrepreneurial growth. For the compliance practitioner, I think that increased metrics should mean more monitoring on the back end of transactions. This is because it not only makes good compliance sense, it makes good business sense. So if you have a significant sales spike in a new international region or area, what happened and how do you know? In answering these questions, it is clearly important that management understands the business cause of significant sales increases and that there could be other issues involved in the situation that may require consideration by the compliance practitioner.
  4. Focus on experiences and solutions to problems. Under this prong, I believe the key is to listen to what your employees have to say. Travel to multiple company locations across the globe and meet with as many employees as possible. You can do this through town hall settings with key employee leaders, meetings with key stakeholders and employees identified as high risk, or in smaller groups. Listen to their  concerns and then use their ideas as suggested enhancements to your compliance program; those ideas can often form the basis of a large core of the enhancements to your existing compliance program. After rolling out your enhanced compliance program, during training, you can then give specific examples of how employee input led to the changes in the enhanced program. This engages the employees and made them feel like they were a part of, and had a vested interest in, the company’s compliance program; which in turn can lead to greater employee buy-in.
  5. Build strong relationships and networks. McGrath relates that the most valuable company employees are those with strong internal networks and relationships. This should be music to the ears of a compliance practitioner. Once again the key is engagement but I would also say that it can also be considered internal marketing. For this point I would suggest that you might consider the path taken by Peter Löscher who was hired as the Chief Executive Officer (CEO) of Siemens in 2007, in the depths of the largest bribery and corruption scandal of any company ever (at least to-date). In his first 100 days as CEO, Löscher went on a round the world tour of the company’s facilities, including meetings with customers, local governmental officials and Siemens employees. He accomplished this final component through meetings with local leadership teams, town hall-style meetings with all employees and dinners with top leadership teams in specific locations. He basically learned that Siemens employees were “shocked and ashamed, because they were very proud to be a part of Siemens.” He used these forums as a basis to begin to change the culture of the company which was then enmeshed in what became the world’s largest and most costly bribery and corruption scandal to date.
  6. Avoid brutal restructuring; learn healthy disengagement. While McGrath speaks in terms of restructuring, downsizing or mass firings, I believe that this point also has significance for the compliance practitioner. It may be that some of the ‘old ways’ of doing business need to change. Think about facilitation payments and how thinking has evolved on that topic, even in the past couple of years. Whatever you might think of small bribes they can act as an entry level into the wider world of actual bribery and corruption, remember that facilitation payments are not authorized under the UK Bribery Act. If your company has a UK subsidiary or UK citizens working for it you are required to maintain a ‘carve out’ for the UK subsidiary and UK citizens from your exemption of facilitation payments. This is an administrative nightmare for your books and records and one that many companies do not maintain all that well. But a key is your communication on this point.
  7. Get systemic about early-age innovation. McGrath believes that you must have a process for filling your innovation pipeline with new initiatives. Similarly, in the FCPA world resting on your laurels will not suffice. Here I think that the advice that my colleague, Stephen Martin, partner at the law firm of Baker and McKenzie, is certainly applicable. Martin suggests that each compliance department have a 1-3-5 year plan for upgrading of your compliance program. Such a plan can be reviewed on regular intervals and updated as new information, ideas or techniques become available. Such a plan can be used as your roadmap for moving forward and can be further supplemented by an annual risk assessment which may look more at the business to determine what or how its changes may have modified its compliance risks.
  8. Experiment, iterate, learn. McGrath advises that companies should “focus on experimentation and learning, and be prepared to make a shift or change as new discoveries happen.” In the compliance world, this can mean as new techniques for doing business in compliance become available, as new business models initiate new compliance risks, or as laws change. Witness the recent troubles of GSK in China. I think a clear sign from these events will be the increased anti-corruption enforcement of the Chinese government. It is fair or even right? I do not think that is the question for a compliance practitioner to ask. I think the question should be how can I use this information to help create a more effective compliance program going forward for my company? This might also be a good time to think about the advice I adapted from Michael Maslanka, that being that “all news is good news”. What does this mean for your compliance program? If you make an observation, see if it opens up or closes off other options for you. But the key is to pick an option and then act. And always, as Maslanka suggests, “Repeat until resolution.”

McGrath ends her piece by noting that one thing about strategy that has not changed and that is “it still requires making tough choices”. But by defining how you are going to do business in compliance and then how you will move forward from each new situation that presents itself until the next one will be a critical advantage to keep you from hot water or to help you navigate moving forward with regulators if you find yourself in such a situation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.